o Move per-process jail pointer (p->pr_prison) to inside of the subject

  credential structure, ucred (cr->cr_prison).
o Allow jail inheritence to be a function of credential inheritence.
o Abstract prison structure reference counting behind pr_hold() and
  pr_free(), invoked by the similarly named credential reference
  management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
  of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
  rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
  flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
  mutex use.

Notes:

o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
  credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
  required to protect the reference count plus some fields in the
  structure.

Reviewed by:	freebsd-arch
Obtained from:	TrustedBSD Project

1 files changed, 10 insertions, 9 deletions

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 7195be9..c114eca 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -199,7 +199,7 @@ in_pcbbind(inp, nam, p)
 			return (EAFNOSUPPORT);
 #endif
 		if (sin->sin_addr.s_addr != INADDR_ANY)
-			if (prison_ip(p, 0, &sin->sin_addr.s_addr))
+			if (prison_ip(p->p_ucred, 0, &sin->sin_addr.s_addr))
 				return(EINVAL);
 		lport = sin->sin_port;
 		if (IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
@@ -219,12 +219,11 @@ in_pcbbind(inp, nam, p)
 		}
 		if (lport) {
 			struct inpcb *t;
-
 			/* GROSS */
 			if (ntohs(lport) < IPPORT_RESERVED && p &&
 			    suser_xxx(0, p, PRISON_ROOT))
 				return (EACCES);
-			if (p && p->p_prison)
+			if (p && jailed(p->p_ucred))
 				prison = 1;
 			if (so->so_cred->cr_uid != 0 &&
 			    !IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
@@ -274,7 +273,7 @@ in_pcbbind(inp, nam, p)
 		int count;
 
 		if (inp->inp_laddr.s_addr != INADDR_ANY)
-			if (prison_ip(p, 0, &inp->inp_laddr.s_addr ))
+			if (prison_ip(p->p_ucred, 0, &inp->inp_laddr.s_addr ))
 				return (EINVAL);
 		inp->inp_flags |= INP_ANONPORT;
 
@@ -345,7 +344,7 @@ in_pcbbind(inp, nam, p)
 		}
 	}
 	inp->inp_lport = lport;
-	if (prison_ip(p, 0, &inp->inp_laddr.s_addr))
+	if (prison_ip(p->p_ucred, 0, &inp->inp_laddr.s_addr))
 		return(EINVAL);
 	if (in_pcbinshash(inp) != 0) {
 		inp->inp_laddr.s_addr = INADDR_ANY;
@@ -492,11 +491,13 @@ in_pcbconnect(inp, nam, p)
 	struct sockaddr_in *ifaddr;
 	struct sockaddr_in *sin = (struct sockaddr_in *)nam;
 	struct sockaddr_in sa;
+	struct ucred *cred;
 	int error;
 
-	if (inp->inp_laddr.s_addr == INADDR_ANY && p->p_prison != NULL) {
+	cred = inp->inp_socket->so_cred;
+	if (inp->inp_laddr.s_addr == INADDR_ANY && jailed(cred)) {
 		bzero(&sa, sizeof (sa));
-		sa.sin_addr.s_addr = htonl(p->p_prison->pr_ip);
+		sa.sin_addr.s_addr = htonl(cred->cr_prison->pr_ip);
 		sa.sin_len=sizeof (sa);
 		sa.sin_family = AF_INET;
 		error = in_pcbbind(inp, (struct sockaddr *)&sa, p);
@@ -1068,9 +1069,9 @@ in_pcbremlists(inp)
 int
 prison_xinpcb(struct proc *p, struct inpcb *inp)
 {
-	if (!p->p_prison)
+	if (!jailed(p->p_ucred))
 		return (0);
-	if (ntohl(inp->inp_laddr.s_addr) == p->p_prison->pr_ip)
+	if (ntohl(inp->inp_laddr.s_addr) == p->p_ucred->cr_prison->pr_ip)
 		return (0);
 	return (1);
 }